General
-
Target
2025-05-18_e7631c5a28ee5fb8d7bbf747c30f2e6c_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
-
Size
4.2MB
-
Sample
250518-ky9p6ahk2z
-
MD5
e7631c5a28ee5fb8d7bbf747c30f2e6c
-
SHA1
4aff6d55466ef0283b9bc433c951bc1e71b25c6b
-
SHA256
f49f5e7f5ca80262ccc2be5b450dc0b7bdf96497d8fa49864a995a1a0ce76453
-
SHA512
80d9abc709f481b0e842ecd2543347f863631ac40c9afb917f3e51b8098da489fb8e210d641bf003d54ebf3dd80091eb49122ad4d6c188efd4ae628ab4a5d71f
-
SSDEEP
49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4q:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vo
Behavioral task
behavioral1
Sample
2025-05-18_e7631c5a28ee5fb8d7bbf747c30f2e6c_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Gofing
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Gofing family
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Loads dropped DLL
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-